Results 1  10
of
163
Efficient algorithms for pairingbased cryptosystems
, 2002
"... Abstract. We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable to that of RSA in ..."
Abstract

Cited by 299 (23 self)
 Add to MetaCart
Abstract. We describe fast new algorithms to implement recent cryptosystems based on the Tate pairing. In particular, our techniques improve pairing evaluation speed by a factor of about 55 compared to previously known methods in characteristic 3, and attain performance comparable to that of RSA in larger characteristics. We also propose faster algorithms for scalar multiplication in characteristic 3 and square root extraction over Fpm, the latter technique being also useful in contexts other than that of pairingbased cryptography. 1
Efficient Pairing Computation on Supersingular Abelian Varieties
 Designs, Codes and Cryptography
, 2004
"... We present a general technique for the efficient computation of pairings on supersingular Abelian varieties. As particular cases, we describe efficient pairing algorithms for elliptic and hyperelliptic curves in characteristic 2. The latter is faster than all previously known pairing algorithms, and ..."
Abstract

Cited by 133 (23 self)
 Add to MetaCart
We present a general technique for the efficient computation of pairings on supersingular Abelian varieties. As particular cases, we describe efficient pairing algorithms for elliptic and hyperelliptic curves in characteristic 2. The latter is faster than all previously known pairing algorithms, and as a bonus also gives rise to faster conventional Jacobian arithmetic.
The Eta Pairing Revisited
 IEEE Transactions on Information Theory
, 2006
"... Abstract. In this paper we simplify and extend the Eta pairing, originally discovered in the setting of supersingular curves by Barreto et al., to ordinary curves. Furthermore, we show that by swapping the arguments of the Eta pairing, one obtains a very efficient algorithm resulting in a speedup o ..."
Abstract

Cited by 91 (8 self)
 Add to MetaCart
Abstract. In this paper we simplify and extend the Eta pairing, originally discovered in the setting of supersingular curves by Barreto et al., to ordinary curves. Furthermore, we show that by swapping the arguments of the Eta pairing, one obtains a very efficient algorithm resulting in a speedup of a factor of around six over the usual Tate pairing, in the case of curves which have large security parameters, complex multiplication by an order of Q ( √ −3), and when the trace of Frobenius is chosen to be suitably small. Other, more minor savings are obtained for 1 2 more general curves. 1
A HighPerformance Reconfigurable Elliptic Curve Processor for GF(2 m )
, 2000
"... . This work proposes a processor architecture for elliptic curves cryptosystems over fields GF(2 m ). This is a scalable architecture in terms of area and speed that exploits the abilities of reconfigurable hardware to deliver optimized circuitry for different elliptic curves and finite fields. ..."
Abstract

Cited by 68 (6 self)
 Add to MetaCart
. This work proposes a processor architecture for elliptic curves cryptosystems over fields GF(2 m ). This is a scalable architecture in terms of area and speed that exploits the abilities of reconfigurable hardware to deliver optimized circuitry for different elliptic curves and finite fields. The main features of this architecture are the use of an optimized bitparallel squarer, a digitserial multiplier, and two programmable processors. Through reconfiguration, the squarer and the multiplier architectures can be optimized for any field order or field polynomial. The multiplier performance can also be scaled according to system's needs. Our results show that implementations of this architecture executing the projective coordinates version of the Montgomery scalar multiplication algorithm can compute elliptic curve scalar multiplications with arbitrary points in 0.21 msec in the field GF(2 167 ). A result that is at least 19 times faster than documented hardware imple...
Constructing Elliptic Curves with Prescribed Embedding Degrees
, 2002
"... Pairingbased cryptosystems depend on the existence of groups where the Decision DiffieHellman problem is easy to solve, but the Computational DiffieHellman problem is hard. Such is the case of elliptic curve groups whose embedding degree is large enough to maintain a good security level, but smal ..."
Abstract

Cited by 52 (16 self)
 Add to MetaCart
Pairingbased cryptosystems depend on the existence of groups where the Decision DiffieHellman problem is easy to solve, but the Computational DiffieHellman problem is hard. Such is the case of elliptic curve groups whose embedding degree is large enough to maintain a good security level, but small enough for arithmetic operations to be feasible. However, the embedding degree is usually enormous, and the scarce previously known suitable elliptic groups had embedding degree k <= 6. In this note, we examine criteria for curves with larger k that generalize prior work by Miyaji et al. based on the properties of cyclotomic polynomials, and propose efficient representations for the underlying algebraic structures.
Multipurpose IdentityBased Signcryption  A Swiss Army Knife for IdentityBased Cryptography
 In Proc. CRYPTO 2003
, 2003
"... IdentityBased (IB) cryptography is a rapidly emerging approach to publickey cryptography that does not require principals to precompute key pairs and obtain certi cates for their public keysinstead, public keys can be arbitrary identi ers such as email addresses, while private keys are deri ..."
Abstract

Cited by 50 (1 self)
 Add to MetaCart
IdentityBased (IB) cryptography is a rapidly emerging approach to publickey cryptography that does not require principals to precompute key pairs and obtain certi cates for their public keysinstead, public keys can be arbitrary identi ers such as email addresses, while private keys are derived at any time by a trusted private key generator upon request by the designated principals. Despite the urry of recent results on IB encryption and signature, some questions regarding the security and eciency of practicing IB encryption (IBE) and signature (IBS) as a joint IB signature/encryption (IBSE) scheme with a common set of parameters and keys, remain unanswered.
On the Selection of PairingFriendly Groups
, 2003
"... We propose a simple algorithm to select group generators suitable for pairingbased cryptosystems. The selected parameters are shown to favor implementations of the Tate pairing that are at once conceptually simple and very efficient, with an observed performance about 2 to 10 times better than prev ..."
Abstract

Cited by 46 (12 self)
 Add to MetaCart
We propose a simple algorithm to select group generators suitable for pairingbased cryptosystems. The selected parameters are shown to favor implementations of the Tate pairing that are at once conceptually simple and very efficient, with an observed performance about 2 to 10 times better than previously reported implementations.
Unbelievable Security: Matching AES security using public key systems
 PROCEEDINGS ASIACRYPT 2001, LNCS 2248, SPRINGERVERLAG 2001, 67–86
, 2001
"... The Advanced Encryption Standard (AES) provides three levels of security: 128, 192, and 256 bits. Given a desired level of security for the AES, this paper discusses matching public key sizes for RSA and the ElGamal family of protocols. For the latter both traditional multiplicative groups of finit ..."
Abstract

Cited by 45 (4 self)
 Add to MetaCart
The Advanced Encryption Standard (AES) provides three levels of security: 128, 192, and 256 bits. Given a desired level of security for the AES, this paper discusses matching public key sizes for RSA and the ElGamal family of protocols. For the latter both traditional multiplicative groups of finite fields and elliptic curve groups are considered. The practicality of the resulting systems is commented upon. Despite the conclusions, this paper should not be interpreted as an endorsement of any particular public key system in favor of any other.
An EnergyEfficient Reconfigurable PublicKey Cryptography Processor
 IEEE Journal of SolidState Circuits
, 2001
"... ..."